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Introduction 


This brief report summarizes research and planning conducted during Summer 1993 
for MSFC on the subjects of risk identification, assessment, and management. Research 
findings are presented, citing useful references. The major output of this work, the AXAF-S 
Project Risk Management Plan is outlined. 


Body 

Risk Identification, the first step in the three-step risk analysis process (1), consists 
of definition and characterization of all potential problems including analysis of cause-and- 
effect, primary/secondary impacts on the project, and a qualitative assessment of whether 
each potential problem is high, medium, or low risk. Risk identification is best done via 
team meetings, individual interviews, or questionnaires—using the experience and technical 
details available in the project. There are other sources of risk identification information 
(Garland Bauch, NASA/JSC GM3/SSP Configuration Management, identified over fifty 
possibilities in collaboration with the author during July 1993) which may fit neatly into the 
following six categories: 1) Checklists, lessons learned, and so-called risk "templates"; 2) 
One-on-one interviews, questionnaires; 3) Formal project or engineering reviews; 4) 
Cause-and-effect diagrams, brainstorming; 5) Tiger Teams, external reviews; 6) Extracts 
from project documents such as planning documents in the "illities", and requirements 
documents. 

Risk assessment, the second step in risk analysis, uses information from risk 
identification, probability encoding techniques, and various quantitative methods to synthesize 
the input uncertainties into an overall assessment of program risk. Risk assessment 
techniques and the necessary math models they use are fully detailed in (1, 2). 

Risk management (4) uses information from risk identification and risk assessment 
in decision-making in order to reduce risk. Risk management occurs when the appropriate 
manager or team takes action to avoid a risk, or to handle it in some way . Risk management 
strategies are numerous, and must fit the given project or situation. General categories of 
risk management strategies are: 1) Risk avoidance-select a lower risk alternative, or 

eliminate a requirement or system element; 2) Risk control-actions taken to either reduce 
the probability of a problem occurring, or to mitigate the consequences if it should occur; 
3) Risk transfer-either transfer or share risk through mechanisms such as contract-types and 
warranties, or change the risk from one form (e.g., schedule) to another (cost); 4) Risk 
assumption— based on an informed understanding of the potential problem (i.e. , its probability 
and consequences), agree to do nothing and accept the consequences should the problem 
occur; 5) Knowledge and research- when a team cannot select strategies 1-4 based on 
inadequate information, they may appoint a Tiger Team or even set-up a small R&D project 
to increase their knowledge of the risk. 
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Finally, a sixty-page "AXAF-S Project Risk Management Plan" was written. This 
comprehensive plan for a project risk analysis activity, focused on the AXAF-S top-level 
team (the Core Product Development Team) as the decision authority for risk management 
and tracking, includes the results of the preliminary AXAF-S risk area identification 
activities as a series of tables in Section 4.0. An outline of this plan is provided in Table 
1 below. The Risk Reduction Plans and concept for the Risk Tracking System are based on 
ideas in (4, Chapter 12 and 13) . 
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